Thursday, May 22, 2014

(SIGILL//FVPNS//NOPORN//FORNFCK//MRKLBANG) I made quantum-dns available in my GitHub. It's a simple-to-use (non-recursive) DNS server for IPv4 and IPv6 and also works without having an IP address assigned to the interface (i.e. it can answer any DNS query). Similar to my writeup on QUANTUMINSERT, it also contains a demo FoxAcid script for HTTP. Theoretically it'd also be quite easy to make STARTTLS disappear with quantum-dns if it's not enforced on the sender side. While with QUANTUMINSERT you need to see the TCP sequence# and port, with DNS you need the XID and port, so it makes complete sense to have good passive capabilities for e.g. 3G/4G. A monitor port on a large peering point is enough capability though. That's a sample run from my lab (please forgive me :)

And yes, that's trivial to implement, but so is QUANTUMINSERT, which is so easy that I never considered it an attack scenario either. It was fun to code though, to get hands-on with DNS again. For DNSSEC support, you need to purchase a special license. :)
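Because a forged answer has to reuse the query's XID and port, the client side of the link sees two responses for one transaction, and that is what a monitor can look for. The sketch below is an added example, not code from quantum-dns: it parses DNS responses and flags transactions answered twice with different A records. All function names, addresses, packets and the 2-second window are constructed assumptions.

```python
import struct
from collections import defaultdict

def build_response(xid, name, ip):
    """Constructed sample data: minimal DNS response carrying one A record."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    header = struct.pack("!6H", xid, 0x8180, 1, 1, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes(map(int, ip.split(".")))
    return header + qname + struct.pack("!HH", 1, 1) + rr

def skip_name(buf, off):
    """Advance past a domain name that may end in a compression pointer."""
    while buf[off] and buf[off] & 0xC0 != 0xC0:
        off += 1 + buf[off]
    return off + (2 if buf[off] else 1)

def parse_response(buf):
    """Return (xid, qname, A-record tuple) for a single-question response."""
    xid, flags, qd, an = struct.unpack("!4H", buf[:8])
    if not flags & 0x8000 or qd != 1:
        raise ValueError("not a single-question DNS response")
    labels, off, addrs = [], 12, []
    while buf[off]:
        labels.append(buf[off + 1:off + 1 + buf[off]].decode())
        off += 1 + buf[off]
    off += 5  # root label, QTYPE, QCLASS
    for _ in range(an):
        off = skip_name(buf, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", buf[off:off + 10])
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(map(str, buf[off + 10:off + 14])))
        off += 10 + rdlen
    return xid, ".".join(labels).lower(), tuple(sorted(addrs))

def find_races(packets, window=2.0):
    """Flag transactions answered more than once with differing A records."""
    seen = defaultdict(list)
    for ts, srv, cli, port, buf in packets:
        xid, qname, addrs = parse_response(buf)
        seen[(srv, cli, port, xid, qname)].append((ts, addrs))
    return [(k[1], k[4], [a for _, a in sorted(h)]) for k, h in seen.items()
            if len({a for _, a in h}) > 1 and max(h)[0] - min(h)[0] <= window]

R, C = "192.0.2.53", "198.51.100.7"  # constructed resolver and client addresses
SAMPLE = [  # (timestamp, server, client, client port, DNS payload), all constructed
    (0.000, R, C, 40001, build_response(0x1A2B, "example.com", "203.0.113.66")),
    (0.018, R, C, 40001, build_response(0x1A2B, "example.com", "203.0.113.10")),
    (1.000, R, C, 40002, build_response(0x0C0D, "example.org", "203.0.113.10")),
    (1.200, R, C, 40002, build_response(0x0C0D, "example.org", "203.0.113.10")),
]
```

The second transaction in the sample is a benign retransmit with identical answers and is not flagged; only the conflicting pair for `example.com` is reported.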

Friday, May 16, 2014

After cleaning up the sources a bit and making sure it compiles on current Linux distros, I uploaded my old IPv4/IPv6 load balancer to my GitHub. I started this project in 2004, back in the days at university. 10 years ago, it was the first load balancer available for IPv6, and in 2006 I finally presented the project at some balancing conference in Silicon Valley. (Even though you see some other names of my CS department there, the whole code is written by me. In academics, however, you form research groups and you are not going to rock the world single-core.) It works on the IP level, so it's suitable to balance SSL/VPN/tor traffic etc. too. For IPv4 it has integrated failover/hotplug support for the backend nodes.